PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks
Source: Imperial College London
Web applications are increasingly popular victims of security attacks. Injection attacks, such as Cross Site Scripting or SQL Injection, are a persistent problem. Even though developers are aware of them, the suggested best practices for protection are error prone: unless all user input is consistently filtered, any application may be vulnerable. When hosting web applications, administrators face a dilemma: they can only deploy applications that are trusted or they risk their system's security. To prevent injection vulnerabilities, the authors introduce PHP Aspis: a source code transformation tool that applies partial taint tracking at the language level.
| Format: | Size: | 247.40 | |
| Date: | Apr 2011 |
People who downloaded this item also downloaded
- Strategies for Deploying Blade Servers in Existing Data Centers
- The Developer Is the Enemy
- Fuzzy Methods for Database Protection
- Separating Web Applications From User Data Storage With BSTORE
- Framework for Web Application Agile Development
